[Standards] OpenID for XMPP (Was: Authorization over HTTP)

Tomasz Sterna tomek at xiaoka.com
Fri Nov 9 16:20:49 UTC 2007


Dnia 09-11-2007, Pt o godzinie 07:39 -0800, anders conbere pisze:
> This is exactly why I'm talking about, and why openID is not a good
> solution here. OpenID is fantastic at "prooving you're the user you
> say you are" this means that we could safely /Authenticate/ with a
> jabber server. but we want to do more than that, we want to grant a
> client continued access to those restricted api's (in this case roster
> add / remove / request and maybe message sending).

How very untrue...
http://openid.net/specs/openid-attribute-exchange-1_0-07.html

This is the protocol my OpenID gives my e-mail addresses, birthdate,
gender, avatar, PO address, my JIDs and other IM IDs, and many more, to
the requesting parties.

During first login to the site with OpenID I'm informed which pieces of
information the external party requested, and I'm able to choose which I
want to give, and the period that the acceptance is valid (one-time,
until some date or forever).


-- 
  /\_./o__ Tomasz Sterna
 (/^/(_^^'  Xiaoka.com
._.(_.)_  XMPP: smoku at xiaoka.com




More information about the Standards mailing list